Sub-million turnover attracts focus of UK security compliance

This week, the UK’s Department for Culture, Media and Sport (DCMS) published its long-awaited consultations on the new draft Electronic Communications (Security Measures) Regulations and on the Code of Practice, both derived from their new powers under the Telecommunications (Security Act) 2021. For some time, with the help of what we consider to be a sleight of hand from DCMS, many smaller operators have had false hope that the tiering in the Code of Practice will exempt them from having much of a compliance burden. While that is true of the contents Read more…

Cost is no object

There is a lot for the UK telecommunications industry to be getting a move on with at the moment. The Government is consulting on the future of cyber-security in the sector, we have the Product Security and Telecommunications Infrastructure Bill, pending consultations on the secondary legislation and Code of Conduct following on from Telecommunications (Security) Act 2021, two meaty waves of changes to regulations following the transposition of the European Electronic Communications Code to implement, a long-overdue consultation from the Office of Communications (Ofcom) on CLI Authentication, and more. And Read more…

Government approval needed for changes of control of UK telcos.

The National Security and Investment Act 2021 came into force today; and it is something anyone reading this in the UK will probably want to keep in mind. At a very broad level, it requires that the Government be informed of any change in control (using the thresholds from the Companies Act 2006 for ‘persons of significant control’ i.e. starting at 25%) or change in material influence (using the merger guidance derived from the Enterprise Act 2002) of a qualifying entity. You’ll then have to wait for the Government’s blessing Read more…

Draconian gets the Royal seal of approval

The Telecommunications Security Bill, which we previously highlighted as being draconian in the Henry VIII sense of the word, has passed largely unamended through both Houses of Parliament in the United Kingdom and will shortly get Royal Assent. The Bill (soon to be an Act), while containing some important operative provisions, is fundamentally an enabler for two upcoming instruments – the Telecommunications (Security) Regulations and the Code of Conduct. The former had a draft published with the Bill, but the responsible UK Government department, the Department for Culture, Media and Read more…

Data Protection? Mere box-ticking is not the answer.

T-Mobile. TalkTalk. Multi-billion-dollar telecommunications companies that wish they had taken their data protection obligations more seriously.  I know from experience that many organisations view regulations such as the European Union’s General Data Protection Regulation (GDPR), as burdensome red tape; a ‘box-ticking’ exercise that holds them back from doing business. But, would you board a plane if you knew the pilot had just ticked off items on the checklist without paying an appropriate amount of attention? I doubt it. Likewise, I suspect most readers would not go into the operating theatre Read more…